MouseJack: Cyber Criminals Can Hijack Wireless Mice to Hack Computers from a Distance
Many PC owners consider the wireless mouse a blessing because of the convenience of not having to deal with cumbersome wires and cables. In fact, wired mice have taken a back seat since the launch of wireless mice. But are they dangerous? Yes, according to Bastille, a security firm, which says that cyber criminals can use this innocuous accessory to hack computers from afar.
Bastille says that a flaw in the way these wireless mice transmit data could leave thousands of computers at risk from hackers.
Bastille says that a hacker standing within 100 yards of the victim’s computer and using a $30 long-range radio dongle and a few lines of code can intercept the radio signal between the victim’s mouse and the dongle plugged into the victim’s computer. Once the hacker has intercepted the legitimate signals between the mouse and computer, they can replace the signal with their own and gain control over the victim’s PC.
The seriousness of the issue is that computers trust almost any keyboard. Chris Rouland made a similar point while speaking to Motherboard: “All computers trust their keyboards because humans use keyboards, so taking over a keyboard is kind of like the ultimate hack.”
Rouland stated that this flaw affects non-Bluetooth mice produced by Logitech, Dell, Lenovo and other brands. The flaw, which Bastille has branded with the hashtag-friendly word “MouseJack,” builds on previous research done on hacking wireless keyboards. But in this case, the issue is that manufacturers don’t properly encrypt data transmitted between the mouse and the dongle, according to Bastille’s white paper.
However, exploiting the flaw as claimed by Bastille is not easy. First and foremost, the hacker has to be near the victim’s PC and mouse to pull this off. Second, the hacker needs to see the victim’s screen to be able to successfully hack the victim, according to security researchers who reviewed the research for Motherboard.
Bastille published a list of affected devices, and said it reached out to the manufacturers to alert them of the vulnerabilities last year. Out of the companies named by Bastille, Logitech has already released new firmware that fixes the vulnerability on its Unifying dongle, which works with several mice. Users who want the fix have to download the firmware and install it themselves.
Dell has also accorded the flaw top priority. A Dell spokesperson said that consumers who own the KM714 keyboard and mouse combo can get the Logitech firmware patch through Dell Tech Support. But for users who own the KM632 combo, the company suggests a replacement.
Microsoft simply sent a statement saying the company “has a customer commitment to investigate reported security issues, and will proactively update impacted devices as soon as possible,” but declined to offer any more details.
Lenovo, Amazon, Gigabyte and HP did not respond to a request for comment.